CVE-2007-6187 - Vulnerability Details - OpenCVE

Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Noah	Noah

Configuration 1 [-]

cpe:2.3:a:noah:noah:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/39682
http://osvdb.org/39683
http://osvdb.org/39684
http://www.securityfocus.com/bid/26633
https://exchange.xforce.ibmcloud.com/vulnerabilities/38727
https://www.exploit-db.com/exploits/4675

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-30T01:00:00

Updated: 2024-08-07T15:54:27.071Z

Reserved: 2007-11-29T00:00:00

Link: CVE-2007-6187

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-11-30T01:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6187

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "39682", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39682"}, {"name": "39683", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39683"}, {"name": "26633", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26633"}, {"name": "39684", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39684"}, {"name": "noah-filepath-directory-traversal(38727)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38727"}, {"name": "4675", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4675"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6187", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "39682", "refsource": "OSVDB", "url": "http://osvdb.org/39682"}, {"name": "39683", "refsource": "OSVDB", "url": "http://osvdb.org/39683"}, {"name": "26633", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26633"}, {"name": "39684", "refsource": "OSVDB", "url": "http://osvdb.org/39684"}, {"name": "noah-filepath-directory-traversal(38727)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38727"}, {"name": "4675", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4675"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:54:27.071Z"}, "title": "CVE Program Container", "references": [{"name": "39682", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39682"}, {"name": "39683", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39683"}, {"name": "26633", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26633"}, {"name": "39684", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39684"}, {"name": "noah-filepath-directory-traversal(38727)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38727"}, {"name": "4675", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4675"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6187", "datePublished": "2007-11-30T01:00:00", "dateReserved": "2007-11-29T00:00:00", "dateUpdated": "2024-08-07T15:54:27.071Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:noah:noah:*:*:*:*:*:*:*:*", "matchCriteriaId": "A24DFA2A-CBF3-43C3-989C-A434833D88E2", "versionEndIncluding": "0.9_pre_1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en PHP Content Architect (tambi\u00e9n conocido como NoAh) 0.9 pre 1.2 y anteriores permiten a atacantes remotos leer ficheros de su elecci\u00f3n mediante una secuencia .. (punto punto) en el par\u00e1metro filepath a (1) css_file.php, (2) js_file.php, o (3) xml_file.php en noah/modules/nosystem/templates/."}], "id": "CVE-2007-6187", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-30T01:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/39682"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39683"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/39684"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26633"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38727"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39683"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38727"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4675"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}